Lectures are Tuesdays 10:00-12:00 in KA and Fridays 10:00-12:00 in HA3. See the schedule for details.
|Lecture #||Week #||Date (mmdd)||Room||Topic (slides)||Add. Material||Stallings||Katz-Lindell|
|1||1||1101||KA||Introduction - Historical Ciphers||Yes||1.1, 2.1 - 2.4||1.1 - 1.3|
|2||1||1102||HA3||OTP, semantically security, stream ciphers, PRG - OTP Semantic Security Proof||
Formal Proof for Shannon's Theorem
and Perfect Secrecy of the OTP (up to Sec. 3)
|2.1, 2.2, 7.1, Add Material||1.4, 2, 3.3.1|
|3||1||1104||HA3||PRG/PRF/PRP, Block ciphers (DES/AES/CBC)||3.1 - 3.5, 5.2 - 5.6, 7.1, 6.2, 6.3||6.2, 3.5.1, 3.6.2|
|4||2||1108||KA||Block Cipher and their security, intro Pub. Key Crypto||Yes||8.1, 9.1, 9.2, 14.5||3.4.2, 10.4, 8.1.1, 8.1.2, 11.1, 11.2.0, 11.5.1, 12.4|
|5||2||1111||HA3||PKCryptography, PKEncryption, Signatures (RSA, EEA, modular inverses, Primality Test)||Yes||4.1 - 4.3, 8.1, 8.3, 9.1 - 9.2||4.1.1 - 4.1.2, 8.2.2, 11.5.1, 11.2, B.1 - B.2|
|6||3||1115||KA||Number Theory and Group Theory for Public-Key Cryptography||Yes||2.5, 2.7, 4.4, 5.1, 8.1 - 8.3, 8.5, 9.2||7.1.1, 7.1.3, 7.1.4, 7.2|
|7||3||1118||HA3||RSA, ElGamal, Security (DLog, Factoring) + Exercises||8.5, 10.2||8.3.1, 8.3.2, 9.0, 11.4.1|
|8||4||1122||HA3||DH, KeyExchange Protocol, Fiat Shamir (some exercises), quick look Sigma-protocol and Zero-knowledge||Yes||10.1||10.3|
|9||4||1125||HA3||Secure MultiParty Computation, Secret Sharing||Yes|
|10||5||1129||HC2||Hash function, Birthday Paradox, One Way function||11.1, 11.3, 11.4, 13.1, 13.6||4.1, 5.1, 5.4.2, 12.1, 12.2, 12.4|
|11||5||1202||HA3||Data integrity / Authentication Digital Signatures, MACs||11.3, 11.5, 12.1-12.4, 13.2||4.2, 4.3, 5.3, 5.4|
|12||6||1206||HC2||Additional topics: Elliptic curves cryptography|
|14||7||1213||HA3||Course Recap (quizzes, old exams, etc.)|
The course has used material from the Cryptography I course at Stanford University.
Exercises are Fridays, 08:00-10:00, in HA3. See the schedule for details.
|1||1104||HB2||Historical Cipher, OTP, semantically security, stream cipher, PRG||Solution||Carlo|
|2||1111||HA3||PRG/PRF/PRP, Block cipher (DES/AES/CBC), Block Cipher and their security, intro Pub. Key Crypto||Solution||Carlo|
|3||1118||HA3||PKCryptography, PKEncryption, Signatures (RSA, EEA, modular inverses, Primality Test),Number Theory, Group Theory, Chinese Reminder Theorem, Euler, Fermat||Solution||Wissam|
|4||1125||HA3||RSA, ElGamal, Security (DLog, Factoring) + Exercises,DH, KeyExchange Protocol||Solution||Wissam|
|5||1202||HA3||Hash function, Birthday Paradox, One Way function, Number Theory Recap||Solution||Wissam|
|6||1209 - 10:00/11:45||HA3||Secure MultiParty Computation, Secret Sharing, Fiat Shamir, Course Recap (in preparation to the exam)||Solution||Carlo|
Cryptography is becoming increasingly important to enhance security in connection with data storage and communication and various kinds of electronic transactions. This course aims to give students
We will cover only a small selection of classical (paper-and-pencil) cryptosystems, including substitution and transposition (permutation) ciphers as Vigènere. You should know how these work and how to cryptanalyse them. Among tools here you should know how to make use of mono-, bi- and n-gram frequencies, the Kasiski test and coincidence index.
You should also know the principles behind rotor machines such as Enigma and have an understanding of the importance of these machines and their cryptanalysis during World War II.
This material is covered in Chapter 2 of the course book. There is also a large number of web sites devoted to these topics, easily found by Google search.
We discuss SP networks and Feistel networks as general constructions for block ciphers and examplify concrete constructions with DES and AES/Rijndael. We also discuss modes of operation, including at least ECB, CBC and CTR mode and how to combine encryption and MAC authentication. Finally, we discuss key management for symmetric encryption. Book references: chapters 3, 5 and 6. MAC's are covered in chapter 12.
We will discuss the basic ideas of public-key cryptography as based on one-way functions with trapdoors. Then we will discuss ElGamal and RSA encryption/decryption in detail, on the way reviewing necessary number theory, (modular arithmetic, Chinese remainder theorem). Hash functions, in particular iterative constructions such as MD5 and SHA-1 and their properties are discussed before we turn to use of RSA for digital signatures. Diffie-Hellman key exchange and the discrete logarithm problem is covered. We will also discuss prime number generation, in particular the Rabin-Miller test.
A brief overview on algorithms for factoring and discrete logs is included to give an understanding of how recommended key lengths are chosen. The analysis of algorithms for discrete logs will also suggest the use of other cyclic groups than (subgroups of) Zp for cryptographic purposes. We will introduce elliptic curves as an important example.
This is covered in chapters 9, 10 and 13 of the course book.
In this brief part we discuss Linear Feedback Shift Registers as a way of implementing stream ciphers and analyze their properties and give some examples. We also discuss RC4. Stream ciphers are discussed in chapter 7, but LFSR's are not mentioned.
Cryptographic primitives need to be embedded in protocols in order to provide useful services. We will discuss a number of such services as examples; in particular protocols for key management and identification. We will also discuss some examples of broken protocols. Book reference: chapters 14 and 15.
We will briefly discuss probabilistic models of encryption and Shannon's notion of perfect security. We discuss Shannon's bound on key length for perfect security and show that the one-time pad achieves this. We introduce the notion of entropy and redundancy of a language and show how the redundancy of the plaintext language affects the amount of ciphertext that is needed for unique decryption.
This material is not covered in the course book.